Re: SSL cleanups/hostname verification

It means I will go ahead and apply it once I have looked it over once
more.

Thanks for review+testing!

You may now move on to the next ssl patch if you're interested ;)

/Magnus

On 12 nov 2008, at 17.05, "Alex Hunsaker" <badalex(at)gmail(dot)com> wrote:

> OK now that im using the right env var everything seems to work as
> described. FYI I also tried to exercise the various new error paths
> and everything seems good so as far as i'm concerned this looks good
> to me. Ill go mark it as "ready for commiter" on the wiki. (whatever
> that means you being a commiter :) )
>
> -----------
> $ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
> psql (8.4devel)
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> Type "help" for help.
>
> postgres=# \q
>
> $ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
> psql (8.4devel)
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> Type "help" for help.
>
> postgres=# \q
>
> $ ./psql postgres -h 127.0.0.1
> psql: server common name 'bahdushka' does not match hostname
> '127.0.0.1'FATAL: no pg_hba.conf entry for host "127.0.0.1", user
> "alex", database "postgres", SSL off
>
> $ PGHOSTADDR=127.0.0.1 ./psql postgres -h 127.0.0.1
> psql: verified SSL connections are only supported when connecting to a
> hostnameFATAL: no pg_hba.conf entry for host "127.0.0.1", user
> "alex", database "postgres", SSL off
>
> $ rm ~/.postgresql/root.crt
>
> $ PGSSLVERIFY=none ./psql postgres -h 127.0.0.1
> psql (8.4devel)
> SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)
> Type "help" for help.
>
> postgres=# \q
>
> $ PGSSLVERIFY=cert ./psql postgres -h 127.0.0.1
> psql: root certificate file (/home/alex/.postgresql/root.crt) not
> found